CVE-2026-3695

MEDIUM

Modern Image Gallery App 1.0 - Path Traversal

Title source: llm

Description

A vulnerability has been found in SourceCodester Modern Image Gallery App 1.0. Impacted is an unknown function of the file /delete.php. Such manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

References (6)

[Various Sources] https://gist.github.com/hackusman/e618b915514ed24b9333c72152bb7218

[Various Sources] https://gist.github.com/hackusman/e618b915514ed24b9333c72152bb7218#-detailed-proof-of-concept-poc

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.349641

[Permissions Required, VDB Entry] https://vuldb.com/?id.349641

[Permissions Required, VDB Entry] https://vuldb.com/?submit.765591

[Various Sources] https://www.sourcecodester.com/

Scores

CVSS v3 6.5

EPSS 0.0002

EPSS Percentile 5.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Classification

CWE

CWE-22

Status published

Affected Products (1)

remyandrade/modern_image_gallery_app

Timeline

Published Mar 08, 2026

Tracked Since Mar 08, 2026